Bug 430364
| Summary: | setup-ds-admin.pl does not correctly set the admin server ip address | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Retired] 389 | Reporter: | Andrey Ivanov <andrey.ivanov> | ||||||||||
| Component: | Install/Uninstall | Assignee: | Nathan Kinder <nkinder> | ||||||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||||||||
| Severity: | medium | Docs Contact: | |||||||||||
| Priority: | medium | ||||||||||||
| Version: | 1.1.2 | CC: | benl, cduryee, jgalipea, nhosoi, rmeggins | ||||||||||
| Target Milestone: | --- | ||||||||||||
| Target Release: | --- | ||||||||||||
| Hardware: | x86_64 | ||||||||||||
| OS: | Linux | ||||||||||||
| Whiteboard: | |||||||||||||
| Fixed In Version: | 8.1 | Doc Type: | Bug Fix | ||||||||||
| Doc Text: | Story Points: | --- | |||||||||||
| Clone Of: | Environment: | ||||||||||||
| Last Closed: | 2009-04-29 23:02:11 UTC | Type: | --- | ||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||
| Documentation: | --- | CRM: | |||||||||||
| Verified Versions: | Category: | --- | |||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
| Embargoed: | |||||||||||||
| Bug Depends On: | |||||||||||||
| Bug Blocks: | 249650, 493682 | ||||||||||||
| Attachments: |
|
||||||||||||
|
Description
Andrey Ivanov
2008-01-26 22:36:20 UTC
Tested on CentOS 5.1 x86_64 with all the latest updates. Created attachment 330174 [details]
Adminserver diffs
There were numerous issues contributing to this problem.
The first issue is that an error was being returned by the config CGI when attempting to set the IP address in console.conf, but the AdminServer.pm code was not detecting this error. This caused the install to not error out reporting that there was a problem with the IP address.
The second issue is that the validation of the IP address in the config CGI was too strict. To validate the IP address, we were getting the hostname of the system, doing a reverse lookup to get the addresses associated with that hostname, then checking if any of those addresses matched the one form the .inf file. If the requested address is assigned to a different hostname, this validation will fail. The fix is to simply try to bind the address to a socket to see if the address is valid. We don't need to care what hostname it is associated with, we just need to know that the address is assigned to the system.
The third issue is that the template file for the "o=NetscapeRoot" entry was missing a replace macro for the "nsServerAddress" attribute. The fix just adds the macro and maps it to the ServerIpAddress .inf directive.
Checked into adminserver (HEAD). Thanks to Noriko for her review! Checking in admserv/cgi-src40/config.c; /cvs/dirsec/adminserver/admserv/cgi-src40/config.c,v <-- config.c new revision: 1.17; previous revision: 1.16 done Checking in admserv/newinst/src/AdminServer.pm.in; /cvs/dirsec/adminserver/admserv/newinst/src/AdminServer.pm.in,v <-- AdminServer.pm.in new revision: 1.15; previous revision: 1.14 done Checking in admserv/newinst/src/adminserver.map.in; /cvs/dirsec/adminserver/admserv/newinst/src/adminserver.map.in,v <-- adminserver.map.in new revision: 1.11; previous revision: 1.10 done Checking in admserv/schema/ldif/20asdata.ldif.tmpl; /cvs/dirsec/adminserver/admserv/schema/ldif/20asdata.ldif.tmpl,v <-- 20asdata.ldif.tmpl new revision: 1.7; previous revision: 1.6 done *** Bug 432070 has been marked as a duplicate of this bug. *** Created attachment 330399 [details]
Additional diffs
It turns out that my previous fix broke a regular interactive setup. When performing a typical interactive setup, you are not prompted for the adminserver IP address. This was causing the value to be undefined in the inf, which would make setup error out.
The fix is to set a default answer of "0.0.0.0" if the adminserver IP is not specified via inf already.
Created attachment 330404 [details]
console patches
Created attachment 330405 [details]
cvs commit log - console
Reviewed by: nkinder (Thanks!)
Fix Description: If the admin server advertises its IP address in its cn=config nsServerAddress, the console will attempt to use the address instead of hostname (which will break https, btw). If the address is set to 0.0.0.0, clients cannot use this, so must fall back on the hostname.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Checked in changes from comment#7 to adminserver (HEAD). Thanks to Noriko for her review! Checking in Makefile.am; /cvs/dirsec/adminserver/Makefile.am,v <-- Makefile.am new revision: 1.43; previous revision: 1.42 done Checking in Makefile.in; /cvs/dirsec/adminserver/Makefile.in,v <-- Makefile.in new revision: 1.51; previous revision: 1.50 done Checking in aclocal.m4; /cvs/dirsec/adminserver/aclocal.m4,v <-- aclocal.m4 new revision: 1.44; previous revision: 1.43 done Checking in configure; /cvs/dirsec/adminserver/configure,v <-- configure new revision: 1.48; previous revision: 1.47 done Checking in configure.ac; /cvs/dirsec/adminserver/configure.ac,v <-- configure.ac new revision: 1.29; previous revision: 1.28 done Checking in admserv/cfgstuff/console.conf.in; /cvs/dirsec/adminserver/admserv/cfgstuff/console.conf.in,v <-- console.conf.in new revision: 1.4; previous revision: 1.3 done Checking in admserv/newinst/src/ASDialogs.pm.in; /cvs/dirsec/adminserver/admserv/newinst/src/ASDialogs.pm.in,v <-- ASDialogs.pm.in new revision: 1.7; previous revision: 1.6 done Checking in mod_admserv/Makefile.in; /cvs/dirsec/mod_admserv/Makefile.in,v <-- Makefile.in new revision: 1.27; previous revision: 1.26 done Checking in mod_admserv/aclocal.m4; /cvs/dirsec/mod_admserv/aclocal.m4,v <-- aclocal.m4 new revision: 1.19; previous revision: 1.18 done Checking in mod_admserv/configure; /cvs/dirsec/mod_admserv/configure,v <-- configure new revision: 1.29; previous revision: 1.28 done Checking in mod_admserv/ltmain.sh; /cvs/dirsec/mod_admserv/ltmain.sh,v <-- ltmain.sh new revision: 1.7; previous revision: 1.6 done fix verified RHEL 4 DS 8.1 ini file: [General] AdminDomain = example.com SuiteSpotGroup = nobody ConfigDirectoryLdapURL = ldap://jennyv4.bos.redhat.com:389/o=NetscapeRoot ConfigDirectoryAdminID = admin SuiteSpotUserID = nobody ConfigDirectoryAdminPwd = Secret123 FullMachineName = jennyv4.bos.redhat.com [admin] ServerAdminID = admin ServerAdminPwd = Secret123 SysUser = nobody ServerIpAddress = 10.16.0.49 Port = 10166 [slapd] InstallLdifFile = none ServerIdentifier = jennyv4 ServerPort = 389 AddOrgEntries = No RootDN = cn=Directory Manager RootDNPwd = Secret123 SlapdConfigForMC = yes Suffix = dc=example, dc=com UseExistingMC = 0 AddSampleEntries = No [root@jennyv4 jenny]# ldapsearch -x -w Secret123 -D "cn=Directory Manager" -b "o=NetscapeRoot" nsServerPort=10166 # extended LDIF # # LDAPv3 # base <o=NetscapeRoot> with scope sub # filter: nsServerPort=10166 # requesting: ALL # # configuration, admin-serv-jennyv4, Red Hat Administration Server, Server Gr oup, jennyv4.bos.redhat.com, example.com, NetscapeRoot dn: cn=configuration, cn=admin-serv-jennyv4, cn=Red Hat Administration Server, cn=Server Group, cn=jennyv4.bos.redhat.com, ou=example.com, o=NetscapeRoot nsServerPort: 10166 objectClass: nsConfig objectClass: nsAdminConfig objectClass: nsAdminObject objectClass: nsDirectoryInfo objectClass: top nsClassname: com.netscape.management.admserv.AdminServer.jar@ cn=admin-serv-jennyv4, cn=Red Hat Administration Server, cn=Server Group, cn= jennyv4.bos.redhat.com, ou=example.com, o=NetscapeRoot cn: Configuration nsDirectoryInfoRef: cn=Server Group, cn=jennyv4.bos.redhat.com, ou=example.com , o=NetscapeRoot nsAdminAccessAddresses: * nsSuiteSpotUser: nobody nsAdminEnableDSGW: on nsAdminAccessHosts: *.example.com nsAdminCacheLifetime: 600 nsDefaultAcceptLanguage: en nsServerAddress: 10.16.0.49 nsAdminOneACLDir: adminacl nsErrorLog: /var/log/dirsrv/admin-serv/error nsAdminUsers: /etc/dirsrv/admin-serv/admpw nsPidLog: admin-serv.pid nsAccessLog: /var/log/dirsrv/admin-serv/access nsAdminEnableEnduser: on console.conf: Listen 10.16.0.49:10166 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html |